Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE), Reconsidered

SeongHan SHIN

IEICE TRANSACTIONS on Information and Systems   Vol.E104-D    No.11    pp.1880-1893
Publication Date: 2021/11/01
Publicized: 2021/08/05
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2021NGP0014
Type of Manuscript: Special Section PAPER (Special Section on Next-generation Security Applications and Practice)
password,  two-factor authentication,  key exchange,  leakage of stored secrets,  credential services,  provable security,  

Full Text: PDF>>
Buy this Article

In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.